That is what is confusing to me I am not using TLS for LDAP. Currently I am just trying to get basic auth working before I add that complexity. I am able to auth ldap directly on the localhost and via my ldap admin tools without problems. JT -----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Seferovic Edvin Sent: Wednesday, October 26, 2005 5:09 PM To: 'FreeRadius users mailing list' Subject: RE: LDAP Authentication Hi, I think that your problem has nothing to do with LDAP.. because .. --- snip --- rlm_ldap: user jtaylor authorized to use remote access --- snip --- Your certificates are not okay.. TLS says that the CA is unknown - TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A Check them... Regards, Edvin _____ From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of James Taylor Sent: Donnerstag, 27. Oktober 2005 01:26 To: 'FreeRadius users mailing list' Subject: LDAP Authentication I am currently trying to get LDAP authentication to work properly. As I am still learning the ins-and-outs on how all this comes together I am having an issue validating a user with Radius-LDAP. Attached is an example of the debug. Maybe it is just something stupid that I am doing. Thank you for your help! James Taylor EAP-Message = 0x573bea1ceb16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf666044c26dce30b13ecbacd04693e18 rad_recv: Access-Request packet from host 192.168.43.106:1645, id=126, length=151 User-Name = "jtaylor" Framed-MTU = 1400 Called-Station-Id = "0014.6ae0.3180" Calling-Station-Id = "0040.96a6.d46c" Service-Type = Login-User Message-Authenticator = 0x421ab8418995a7c7b6b94367b0d154d9 EAP-Message = 0x0204001119800000000715030100020230 NAS-Port-Type = Wireless-802.11 NAS-Port = 4082 State = 0xf666044c26dce30b13ecbacd04693e18 NAS-IP-Address = 192.168.43.106 NAS-Identifier = "SAP" rlm_ldap: - authorize rlm_ldap: performing user authorization for jtaylor rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jtaylor authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 rlm_eap_tls: Length Included TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A 9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48 9963:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.